A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text.
CVSS Score
4.7
EPSS Score
0.0
Published
2022-08-26
vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate)
CVSS Score
7.5
EPSS Score
0.002
Published
2019-11-25
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.
CVSS Score
6.4
EPSS Score
0.001
Published
2019-03-25
It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact other users of the host.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-08-09